Recently I wrote a blog about Fiori Launchpad: SSO made easy by SAML 2.0 with ADFS. On the same blog there were questions regarding Java SSO with SAML 2.0. I have seen many documents about configuring SAML on Java, but I have found none that are recent and cover an updated version of SAP NetWeaver.

So I decided to write something on it and give the community an idea of how to achieve this. Keep in mind that the SAML configuration is almost the same in ABAP and Java; here I give an overview of how to do it on a Java system. For some of the steps I will refer you to my Fiori Launchpad: SSO made easy by SAML 2.0 with ADFS document. I hope this helps everyone configure SAML for Java.

Matt Fraser also discussed SPNego on Java on Fiori Launchpad: SSO made easy by SAML 2.0 with ADFS; this can be found at: Single Sign-On for Java with SPNego

Where to start?

Open the NetWeaver Administration screen on your Java system (http/s://host:port/nwa) and navigate to Configuration >> Security >> Authentication and Single Sign-On >> SAML 2.0

Enable SAML 2.0 Support

Local Provider configuration

Provider name is the FQHN of your system

On this screen, click the Browse button for Signing Key Pair

Press Create button

Create the key storage by continuing on the screen

Continue on next screen

Click on Finish

Trusted providers Configuration

Switch to the Trusted Providers tab within the SAML 2.0 screen and select Add >> Specify Metadata URL

URL: https://<FQDN of ADFS>/FederationMetadata/2007-06/FederationMetadata.xml

Note: In an ABAP system you need to provide the XML file, but in Java you can specify the URL of the XML file

On this screen, deselect the Verify option and continue

Provide signed certificate

Note: For how to create the certificate, see Fiori Launchpad: SSO made easy by SAML 2.0 with ADFS, section: Trusted Provider (Note getting certificate)

Provide Name and continue

Now continue through all steps with the default settings until the end of the wizard.

Now go to the trusted provider's Identity Federation tab and add a Name ID Format (in my case, username)

Now make sure you enable the configuration, and afterwards download the Local Provider Metadata.

Note: If your XML file comes out blank, restart both Local Provider and Trusted Provider.
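
The wizard steps above deselect the Verify option and then supply the signing certificate by hand, so it is worth confirming that the certificate you upload is the same one the federation metadata advertises for the IdP. The following is an added example, not part of the original post or SAP's tooling: it extracts the IdP signing certificates from a saved FederationMetadata.xml and compares SHA-256 fingerprints with the exported certificate file. The host adfs.example.test, the sample metadata and both function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder bytes stand in for a DER certificate, and
# adfs.example.test is a made-up host. Real input is FederationMetadata.xml.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="http://adfs.example.test/adfs/services/trust"><IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<KeyDescriptor use="encryption"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    '<X509Data><X509Certificate>AAAA</X509Certificate></X509Data></KeyInfo></KeyDescriptor>'
    '<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    '<X509Data><X509Certificate>%s</X509Certificate></X509Data></KeyInfo></KeyDescriptor>'
    '</IDPSSODescriptor></EntityDescriptor>' % base64.b64encode(SAMPLE_DER).decode()
).encode()


def idp_signing_fingerprints(metadata_xml: bytes) -> dict:
    """Return {entityID: [SHA-256 hex fingerprints of the IdP signing certs]}."""
    if b"<!DOCTYPE" in metadata_xml:
        raise ValueError("DTD found in metadata, refusing to parse")
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    prints = []
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute serves signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.append(hashlib.sha256(der).hexdigest())
    return {root.get("entityID"): prints}


def matches_exported_cert(metadata_xml: bytes, exported: bytes) -> bool:
    """True if the certificate exported from ADFS (PEM or DER) is a signing cert."""
    if b"-----BEGIN CERTIFICATE-----" in exported:
        body = exported.split(b"-----BEGIN CERTIFICATE-----")[1]
        body = body.split(b"-----END CERTIFICATE-----")[0]
        exported = base64.b64decode(b"".join(body.split()))
    prints = next(iter(idp_signing_fingerprints(metadata_xml).values()))
    return hashlib.sha256(exported).hexdigest() in prints
```

The Windows certificate dialog shows a SHA-1 thumbprint, so hash the exported file itself rather than comparing against the value in that dialog.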

 

Add Relying Party Trust

To configure this, follow the steps under the Configure ADFS section of Fiori Launchpad: SSO made easy by SAML 2.0 with ADFS

Now test your configuration. If your configuration does not work, please check the settings below under Components >> ticket

SAML2LoginModule is at the top of the list.

 

Thank you for reading

Yogesh

 


1 Comment


  1. Former Member

    Hi Yogesh,

    First off, thanks for the well documented steps for both JAVA and Fiori Launchpad SAML2 configuration with ADFS.

    I have a scenario to configure SSO for Fiori and EP where the AD user IDs are completely different from the SAP user ids. Also the AD users are from three different domains.

    And after going through various documents and your blog, what I understood is that the basic configuration remains the same, but the claim configuration at the ADFS side and SAP side will need to be configured accordingly. Could you please confirm if my understanding is correct and also what attributes I can use to attain SSO for EP and Fiori.

     

    Regards,

    Harsh

     
